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WHAT IS CLAIMED IS: 

1 . method for encrypting data, the method comprising: 
generating a session key; 
encrypting: the data utilizing the session key; 
encrypting the session key utilizing a user public key; 
encrypting tWe session key utilizing a master public key; and 
generating a data packet including the encrypted data and the encrypted 

session loeys. 

2. The method, as set forth in claim 1, further comprising: 
transmitting tne data packet to a destination data processing system; 
decrypting the\sessi&n key utilizing a user private key; and 
decrypting the <mta utilizing the session key. 



3. The method, as set forth in claim 1, further comprising: 
decrypting the encrypted session key with a master private key; and 
decrypting the data with the session key. 

4. The method,\as set forth in claim 1, further comprising encrypting the 
s^sioiHcey utilizing an asymmetric encryption routine. 




5. The method, as Bet forth in claim 1, further comprising encrypting the 
data utilizing a symmetric enaction routine. 



6. The method, as set ferfl\ in claim 1, further comprising encrypting the 
session key utilizing the user's pulaWkey. 

The method, as set form in claim 2, further comprising storing the 
setfJS private key on a data storage medium coupled to the destination data processing 
system. 




- 15 



Client Reference: DC-01753\ 




ey Docket No.: M-72I9US 



1 

2 
3 



8. ^ The method, as set forth in claim 3, further comprising storing the 
master private key on a data storage medium coupled to the destination data 
processing system. 



1 9. Tfae method, as set forth in claim 2, further comprising retrieving the 

2 user's private keA from a smart card utilizing a smart card reader coupled to the 

3 destination data processing system. 



1 10. The method, as set forth in claim 3, further comprising retrieving the 

2 master private key from a smart card utilizing a smart card reader coupled to the 

3 destination data processing system. 

1 11. The method, as set forth in claim 1 , further comprising utilizing a 

2 plurality of public master keys and a plurality of private master keys to decrypt the 

3 encrypted session key. 



US 



1 12. A public key data encryption system wherein each user has a private 

2 key and a certificate contaimng data pertaining to the user including the user's public 

3 key, the encryption system comprising: 

4 a master public key; 

5 a first data processingkystem operable to generate a session key, to encrypt 

6 data using the session key, to encrypt the session key with the user's 

7 public key, to enbrypt the session key with the master public key, to 

8 generate a data pabket including the encrypted session keys and the 

9 encrypted data, and to transmit the data packet. 
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13. The public key data encryption system, as set forth in claim 12, further 
comprising: 

a second data processing system operable to receive the data packet, to decrypt 
the encryp\edfe#ss^pn key with the user's private key, and to decrypt 
the data wiu* t^e session key. 
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14. The public key^data encryption system, as set forth in claim 12, further 
comprising: 

a master privateMceyJfancT 

a second data processing system operable to receive the data packet, to decrypt 
the encrypted session key with the master private key, and to decrypt 
the data with the session key. 



15. \The public key data encryption system, as set forth in claim 12, 
an asyf^imetric encryption routine is utilized to encrypt the session key. 




16. Th& public key data encryption system, as set forth in claim 12, 
wherein a symmetric encryption routine is utilized to encrypt the data. 

17. The publia^ey data encryption system, as set forth in claim 12, 
wherein the user's publm key is utilized to encrypt the session key. 




[8. \ The public key data encryption system, as set forth in claim 13, 
lerein the User's private key is stored on a data storage medium coupled to the 
second data processing system. 



19. Hie public key data encryption system, as set forth in claim 14, 
wherein the master private key is stored on a data storage medium coupled to the 
second data processing system. 

20. The public key data encryption system, as set forth in claim 13, further 
comprising a smart cardVeader coupled to the second data processing system and 
operable to retrieve the user's private key from a smart card. 

21. The public key^data encryption system, as set forth in claim 14, further 
comprising a smart card readercoupled to the second data processing system and 
operable to retrieve the master private key from a smart card. 
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1 22. The D&bl ic key data encryption system, as set forth in claim 12, further 

2 comprising: 

3 a plurality of mWer private keys; 

4 a plurality of m^ter public keys; and 

5 a second data processing system operable to receive the data packet, to decrypt 

6 the encrypted session key with the plurality of master private keys, and 

7 to decrypt tthe data with the session key. 

1 23 . An article or manufacture comprising : 

2 a computer usable medium having computer readable program code embodied 

3 therein for encrypting and decrypting data wherein each user has a 
Q 4 private key anq a public key, the article of manufacture comprising: 
Uj 5 a master public key; 

! 6 a first data processing niodule operable to generate a session key, to encrypt 

j^j 7 data using the session key, to encrypt the session key with the user's 

O 8 public key, to encifypt the session key with the master public key, to 

q 9 generate a data packet including the encrypted session keys and the 

^ 1 0 encrypted data, and\o transmit the data packet; 



<£1 



h 

1 24. The article of manufacture, as set forth in claim 23, further comprising: 

2 a second data processing module operable to receive the data packet, to 

3 decrypt the encrVpted session key with the user's private key, and to 

4 decrypt the data wi^th th^ession key. 

1 25. The article of manufacture, as/set forth in claim 23, further comprising: 

2 a master private key; and 

3 a second data processing systemje<perable to receive the data packet, to decrypt 

4 the encrypted session key^with the master private key, and to decrypt 

5 the data with the session ] 
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26. \ The article of manufacture, as set forth in claim 24, wherein an 
etric encryption routine is utilized to encrypt the session key. 



27. Thaarticle of manufacture, as set forth in claim 24, wherein a 
symmetric encryption routine is utilized to encrypt the data. 

28. The article of manufacture, as set forth in claim 24, wherein the user's 
public key is utilized toWcrypt the session key. 



29. The article ©f manufacture, as set forth in claim 24, further comprising: 
a plurality of master private keys; 
a plurality of master pyblic keys; and 

a second data processing module operable to receive the data packet, to 

decrypt the encrypted session key with the plurality of master private 
keys, and to decrypt the data with the session key. 
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